There are LOGONIDs defined to ACF2 that do not have the required fields completed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-158 | ACF0560 | SV-158r3_rule | DCCS-1 DCCS-2 | Low |
| Description |
|---|
| Within the LOGONID record, the users name and UID-string fields must be completed to ensure individual user accountability. |
| STIG | Date |
|---|---|
| z/OS ACF2 STIG | 2019-12-12 |
Details
| Check Text ( C-17770r3_chk ) |
|---|
| Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(LOGONIDS) Automated Analysis Refer to the following report produced by the ACF2 Data Collection Checklist: - PDI(ACF0560) Verify that the below listed fields are complete for all logonids. If the following guidance is true, this is not a finding. NAME User's name UID-String All fields defined in the ACFFDR @UID macro NOTE: A completed NAME field that can either be traced back to a current DD2875 or a Vendor Requirement (example: A Started Task). NOTE: A user may be required to have more than one logonid but users must not share userids. |
| Fix Text (F-16883r2_fix) |
|---|
| The IAO will ensure that all LOGONID records have the required attributes. Review all LOGONID definitions to ensure required information is provided. Every user will be identified to ACF2 via a unique userid. (ACF2 calls this a logonid.) To ACF2, a user is an individual, a started task, or a batch job. Every user will be fully identified within ACF2. Complete the following fields for every logonid: NAME - User's name UID-String - All fields defined in the ACFFDR @UID macro All fields that comprise the standard UID string will be filled out for each user as a logonid is added. Example: SET LID INSERT logoind UID(uid string) NAME(user name) |